Category: At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1

Internet Explorer uses Multipurpose Internet Mail Extensions (MIME) data to determine file handling procedures for files received through a Web server. This policy setting determines whether Internet Explorer requires that all file-type information provided by Web servers be consistent. For example if the MIME type of a file is text/plain but the MIME sniff indicates that the file is really an executable file Internet Explorer renames the file by saving it in the Internet Explorer cache and changing its extension. If you enable this policy setting Internet Explorer requires consistent MIME data for all received files. If you disable this policy setting Internet Explorer will not require consistent MIME data for all received files. If you do not configure this policy setting Internet Explorer requires consistent MIME data for all received files.

Internet Explorer uses Multipurpose Internet Mail Extensions (MIME) data to determine file handling procedures for files received through a Web server. This policy setting determines whether Internet Explorer requires that all file-type information provided by Web servers be consistent. For example if the MIME type of a file is text/plain but the MIME sniff indicates that the file is really an executable file Internet Explorer renames the file by saving it in the Internet Explorer cache and changing its extension. This policy setting allows administrators to define applications for which they want this security feature to be prevented or allowed. If you enable this policy setting and enter a Value of 1 MIME handling is in effect. If you enter a Value of 0 file-type information is allowed to be inconsistent. The Value Name is the name of the executable. If a Value Name is empty or the Value is not 0 or 1 the policy setting is ignored. Do not enter the Internet Explorer processes in this list: use the related Internet Explorer Processes policy to enable or disable IE processes. If the All Processes policy setting is enabled the processes configured in this box take precedence over that setting. If you disable or do not configure this policy setting the security feature is allowed.

Internet Explorer contains dynamic binary behaviors: components that encapsulate specific functionality for the HTML elements to which they are attached. This policy setting controls whether the Binary Behavior Security Restriction setting is prevented or allowed. If you enable this policy setting binary behaviors are prevented for the File Explorer and Internet Explorer processes. If you disable this policy setting binary behaviors are allowed for the File Explorer and Internet Explorer processes. If you do not configure this policy setting binary behaviors are prevented for the File Explorer and Internet Explorer processes.

Internet Explorer contains dynamic binary behaviors: components that encapsulate specific functionality for the HTML elements to which they are attached. This policy setting controls whether the Binary Behavior Security Restriction setting is prevented or allowed. This policy setting allows administrators to define applications for which they want this security feature to be prevented or allowed. If you enable this policy setting and enter a Value of 1 binary behaviors are prevented. If you enter a Value of 0 binary behaviors are allowed. The Value Name is the name of the executable. If a Value Name is empty or the Value is not 0 or 1 the policy setting is ignored. Do not enter the Internet Explorer processes in this list: use the related Internet Explorer Processes policy to enable or disable IE processes. If the All Processes policy setting is enabled the processes configured in this box take precedence over that setting. If you disable or do not configure this policy setting the security feature is allowed.

This policy setting allows you to ensure that any Internet Explorer add-ons not listed in the ‘Add-on List’ policy setting are denied. Add-ons in this case are controls like ActiveX Controls Toolbars and Browser Helper Objects (BHOs) which are specifically written to extend or enhance the functionality of the browser or web pages. By default the ‘Add-on List’ policy setting defines a list of add-ons to be allowed or denied through Group Policy. However users can still use the Add-on Manager within Internet Explorer to manage add-ons not listed within the ‘Add-on List’ policy setting. This policy setting effectively removes this option from users – all add-ons are assumed to be denied unless they are specifically allowed through the ‘Add-on List’ policy setting. If you enable this policy setting Internet Explorer only allows add-ons that are specifically listed (and allowed) through the ‘Add-on List’ policy setting. If you disable or do not configure this policy setting users may use Add-on Manager to allow or deny any add-ons that are not included in the ‘Add-on List’ policy setting. Note: If an add-on is listed in the ‘Add-on List’ policy setting the user cannot change its state through Add-on Manager (unless its value has been set to allow user management – see the ‘Add-on List’ policy for more details).

This policy setting allows you to manage whether processes respect add-on management user preferences (as reflected by Add-on Manager) or policy settings. By default any process other than the Internet Explorer processes or those listed in the ‘Process List’ policy setting ignore add-on management user preferences and policy settings. If you enable this policy setting all processes will respect add-on management user preferences and policy settings. If you disable or do not configure this policy setting all processes will not respect add-on management user preferences or policy settings.